This afternoon at Tech Ed, I attended a session on Identity Lifecycle Manager "2" (likely to be 2009) as well as talked with members of the development team.  From what I saw and heard, it sounds like ILM 2009 will have a core architecture that is very much inline with ILM 2007/MIIS 2003 with regards to the metaverse, the configuration of the adapters and the connector space, and some of the core set-up.  This is advantageous in the new version as it means most development work from the previous versions will migrate into ILM 2009 without any major issues.

However, beyond the metaverse and the Certificate Lifecycle integration pieces, the architecture in ILM 2009 becomes very different.  Here is a very rough diagram I threw together of what the architecture will look like:

The first major change in ILM 2009 is the new ILM Web Services layer.  This is a new layer that encapsulates many of the commands and actions that should be performed by ILM into a single layer that can be integrated into almost any application.  Of particular note, this layer consists of several workflows built on the Windows Workflow Foundation (WF) component in the .NET Framework 3.5.

These web services are then consumed by the new Identity portal that is built on the Windows SharePoint Services 3.0 platform (WSS).  This allows a quick WSS site to be built and branded or allows the Identity portal to be integrated into an existing SharePoint deployment.  The overall goal of the architecture is to allow the business users to take more control of actions and reduce requests to the IT department.  For example, this will allow users with rights to create their own distribution lists, join distribution lists, update personal data and more without IT even needing to get involved.

I personal think this gets very interesting when the scenarios are considered.  For example, ILM 2009 includes an add-on for Windows XP and Windows Vista that allows a user to reset their own password when forgotten through a quick challenge.  Things like this should cut down on support calls dramatically.  Further, because it is built on WF and allows routing and approval, business owners can more easily handle their own distribution lists.

For businesses, though, ILM 2009 includes a much needed tool, too.  ILM 2009 can now provide historical reports.  For example, a report could be generated that shows what systems I was supposed to have rights for on June 10, 2008 at 4:31 PM.  Only some basic reports will be available in the final version, but can be easily developed using Reporting Services.

A solid deployment of ILM 2009 will require some decent investment though.  ILM 2009 only runs on 64-bit versions of Windows Server 2008 and requires (at least right now) SQL Server 2008.  To get the best experience, though, users will need Office 2007 on their desktop and Exchange Server 2007 should already be in place.

With the emphasis on making identity management easier on users and more dynamic, ILM 2009 should be a nice addition in most IT environments.

Source: http://galego2.spaces.live.com/Blog/cns!4D725994D1492A33!593.entry